Stefan, If everythig works now. Then keep it as is. Most probly it was the firewall that caused the problem. @Rowland, good point. Im everytime amazed with all the commands you know.. :-) And SID: S-1-5-21domain-513 = domain users. These are "Samba Sids" S-1-22-[1-2] 1 useres 2 groups And thats corect with wbinfo -g 10513 shows all groups. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stefan G. Weichinger via samba > Verzonden: vrijdag 22 februari 2019 15:21 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Debian 9.8 and vanbelle-repos > > Am 22.02.19 um 15:16 schrieb Rowland Penny via samba: > > On Fri, 22 Feb 2019 15:03:37 +0100 > > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > >> Hai, > >> > >> That bond0 interface, you might want to change that the interface > >> name to bond1 Depending on the bonding settings, you might > have hit a > >> reserved name. I lots my docu on that but i know i > configured a bond1 > >> because bond0 didn work right. > >> > >> And then check these. > >> > >> wbinfo -pPt ( or wbinfo -p && wbinfo -P && wbinfo -t ) > >> > >> wbinfo --sids-to-unix-ids S-1-22-2-10513 > >> wbinfo -D ARBEITSGRUPPE > >> wbinfo --all-domains > >> > >> > > > > S-1-22-1 is an unmapped group, so where has the correct SID gone ? > > Is 10513 the uidNumber for Domain Users ? > > > > I suggest you check the AD database, if only to rule it out. > > > > Try running this: > > > > rpcclient localhost -U'arbeitsgruppe\administrator%xxxxxxxxxx' > > -c 'lookupnames "ARBEITSGRUPPE\Domain Users"' > > gives me: > > ARBEITSGRUPPE\Domain Users > S-1-5-21-2777655458-4002997014-749295002-513 > (Domain Group: 2) > > in the meantime I reset iptables with (from ubuntu wiki ...): > > iptables -F > iptables -X > iptables -t nat -F > iptables -t nat -X > iptables -t mangle -F > iptables -t mangle -X > iptables -P INPUT ACCEPT > iptables -P FORWARD ACCEPT > iptables -P OUTPUT ACCEPT > > hmm > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Am 22.02.19 um 15:28 schrieb L.P.H. van Belle via samba:> Stefan, > > If everythig works now. Then keep it as is. > Most probly it was the firewall that caused the problem. > > @Rowland, good point. Im everytime amazed with all the commands you know.. :-) > And SID: S-1-5-21domain-513 = domain users. > > These are "Samba Sids" S-1-22-[1-2] > 1 useres > 2 groups > > And thats corect with wbinfo -g 10513 shows all groups.well ... I don't have feedback from them since my last changes No I restarted all 3 smbd/nmbd/winbindd and see "mapped" usernames in smbstatus again: good But only some users in "ls -l" -> drwxrwx---+ 14 10092 domain users 4096 Feb 6 15:56 19-042-NE drwxrwx---+ 2 10023 domain users 4096 Feb 12 14:21 19-043-NS drwxrwx---+ 14 schlagerf domain users 4096 Feb 8 06:32 19-044-SE drwxrwx---+ 7 10050 domain users 4096 Feb 12 14:41 19-045-HF drwxrwx---+ 4 10092 domain users 4096 Feb 18 10:29 19-046-FU drwxrwx---+ 4 mayerg domain users 4096 Feb 19 17:21 19-047-AM can't say 100% if that was different last week. And I *should* come up with a way to run docker as well on that host, aside samba services. But maybe not today ... thanks so far.
Am 22.02.19 um 15:33 schrieb Stefan G. Weichinger via samba:> And I *should* come up with a way to run docker as well on that host, > aside samba services. > > But maybe not today ...docker seems to create DNS A-records for the file-server and backup-server in the DCs DNS ... So the names resolve to 3 IPs: one in correct LAN, 2 in docker subnets ... Trying to get rid of that. Did an additional entry in /etc/hosts for a test ... no success so far. I can delete the records, but assume docker will recreate them.
so far samba works fine again, thanks at another site I see an outdated /etc/krb5.keytab can I delete and let recreate it? I assume with stopped winbind?
Hai Stefan, How are you telling its outdated? And dont delete it if you would re-created it. Move it away/backup it. But this would help you. https://wiki.samba.org/index.php/Keytab_Extraction Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stefan G. Weichinger via samba > Verzonden: woensdag 27 februari 2019 11:07 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Debian 9.8 and vanbelle-repos > > > so far samba works fine again, thanks > > at another site I see an outdated /etc/krb5.keytab > > can I delete and let recreate it? > > I assume with stopped winbind? > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >